Hacking ESXi For SSH Login Without Password

As a powerful virtualization server, ESXi has a built-in SSH server even though it’s not enabled by default. That is what most system adminstrators use to remotely run commands there. ESXi also has a built-in SSH client so that you can ssh to other servers from ESXi. To use SSH as either server or client, you need to open up firewall. You can use vSphere Client to do it ( on host’s Configuration tab, check out the Security Profile in Software section), or simple with command line as follows.

If you want to use SSH client in ESXi without password, which is harder than to SSH to it without password, you need to do a bit more work. Most of the tutorials you find will not work because there is no ssh-keygen command in ESXi. The following are the steps on hacking this.

First, find a Linux machine which normally has ssh-keygen already. I here use the SSH server for ESXi. In that Linux machine, login as the user you want to use for logining from ESXi server, say root, and run the ssh-keygen command. When prompted “Enter file in which to save the key (/root/.ssh/id_rsa)”, type in esx_id_rsa. For the rest of the questions, just enter. When it’s done, you will have two more files in the /root/.ssh/ directory: esx_id_rsa and esx_id_rsa.pub. The first is the private RSA key and the second is the public RSA key.

# ssh-keygen

# ssh-keygen

Secondly, copy the public key into the /root/.ssh/authorized_keys file as follows: (don’t use > in place of >>, or you would lose other authorized keys)

# cat esx_id_rsa.pub >> ./authorized_keys

# cat esx_id_rsa.pub >> ./authorized_keys

Thirdly, send the private RSA key to the ESXi server. You can use scp from either side. The following is the command from ESXi side. If you don’t have /.ssh directory, create one with mkdir command.

For the first time, it would check with you whether you want to connect to remote server with printed thumbprint. If can skip it with additional command options, but you can also type yes and the remote server ID will be saved to /.ssh/known_hosts so you won’t be asked again later.

To simplify the process, we use the same Linux machine for key generation and for SSH server. Now that you have the public key and you can send it to whatever remote SSH server and copy (cat) in the ~/.ssh/authorized_keys.

Can you do the same when ESXi as SSH server? In other words, can you login ESXi from another machine without password? Try it out by yourself. It should be easier (Hint, think about /.ssh/authorized_keys).

NEED HELP?

My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__ doublecloud.org.

Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.